Axon HIPAA Compliance Bundle
Health Insurance Portability and Accountability Act (HIPAA)
Disclaimer: Organizations are not required as a matter of law to comply with this document, unless legislation, or a direction given under legislation or by some other lawful authority, compels them to comply. This document does not override any obligations imposed by legislation or law. Furthermore, if this document conflicts with legislation or law, the latter takes precedence.
The Health Insurance Portability and Accountability Act (HIPAA) was established in the United States law in 1996 to promote the protection of personal health information by preventing the selling, transferring, or use of an individual’s information for business gain, personal leverage, or malicious harm in general. HIPAA’s “Security Rule” standard was established to facilitate control adherence, monitor the health of the compliance program, and adapt to an ever-changing risk environment. In 2009, HITECH was devised to further enforce breach standards for HIPAA and the implementation of utilizing Electronic Health Records (EHR).
HIPAA Requirements - High-Level Overview | |
|---|---|
Administrative Safeguards (§164.308) | Defined in the Security Rule as the “administrative actions and policies, and procedures to manage the selection, development, implementation, and maintenance of security measures to protect electronic protected health information and to manage the conduct of the covered entity's workforce in relation to the protection of that information.” |
Physical Safeguards (§164.310) | Defined as the “physical measures, policies, and procedures to protect a covered entity’s electronic information systems and related buildings and equipment, from natural and environmental hazards, and unauthorized intrusion.” |
Technical Safeguards (§164.312) | Defined as the “the technology and the policy and procedures for its use that protect electronic protected health information and control access to it.” |
LogRhythm’s HIPAA content provides augmented and direct support for multiple HIPAA requirements through a collection of pre-bundled searches, lists, dashboards, and reports. All Dashboards are supplied with data from the underlying searches. You can then schedule reports from the searches for periodic generation and delivery, or generate them on demand. To identify areas of non-compliance in real-time, you can leverage the dashboard for immediate analysis of activities that impact your organization's electronic health records systems.
Please refer to our User Guide for detailed information and implementation guidance on the included searches, lists, and dashboards.
HIPAA Content can be obtained from the compliance folder within the Axon Content GitHub repository.
Additional Resources
The Department of Health and Human Services (HHS) website (https://www.hhs.gov/hipaa/index.html) provides the following additional resources to assist organizations with their HIPAA assessments and validations:
Refer to the HHS website at https://www.hhs.gov/hipaa/index.html for information about these and other resources.